feat: account migration (#10507)

* add Move activity * add endpoint to move from local to remote * follow move activity coming to inbox * fix move endpoint * add known-as endpoint to create account alias * add migration page * add route to migration page * add move and known-as endpoints * fix dependnecies error * fix new endpoints * fix move activity id * fix refollow * add movedToUri and alsoKnownAs to api * fix moveToUri indicator * fix missing context * add chengelog * rename MkMoved to MkAccountMoved * add missing semicolon * fix targetUri * fix followings query * remove redundant null check
2023-04-08 01:16:26 -04:00
parent fa67fb42b1
commit 25ebb73756
24 changed files with 676 additions and 58 deletions
--- a/packages/backend/src/server/api/EndpointsModule.ts
+++ b/packages/backend/src/server/api/EndpointsModule.ts
@@ -220,6 +220,8 @@ import * as ep___i_signinHistory from './endpoints/i/signin-history.js';
 import * as ep___i_unpin from './endpoints/i/unpin.js';
 import * as ep___i_updateEmail from './endpoints/i/update-email.js';
 import * as ep___i_update from './endpoints/i/update.js';
+import * as ep___i_move from './endpoints/i/move.js';
+import * as ep___i_knownAs from './endpoints/i/known-as.js';
 import * as ep___i_webhooks_create from './endpoints/i/webhooks/create.js';
 import * as ep___i_webhooks_show from './endpoints/i/webhooks/show.js';
 import * as ep___i_webhooks_list from './endpoints/i/webhooks/list.js';
@@ -551,6 +553,8 @@ const $i_signinHistory: Provider = { provide: 'ep:i/signin-history', useClass: e
 const $i_unpin: Provider = { provide: 'ep:i/unpin', useClass: ep___i_unpin.default };
 const $i_updateEmail: Provider = { provide: 'ep:i/update-email', useClass: ep___i_updateEmail.default };
 const $i_update: Provider = { provide: 'ep:i/update', useClass: ep___i_update.default };
+const $i_move: Provider = { provide: 'ep:i/move', useClass: ep___i_move.default };
+const $i_knownAs: Provider = { provide: 'ep:i/known-as', useClass: ep___i_knownAs.default };
 const $i_webhooks_create: Provider = { provide: 'ep:i/webhooks/create', useClass: ep___i_webhooks_create.default };
 const $i_webhooks_list: Provider = { provide: 'ep:i/webhooks/list', useClass: ep___i_webhooks_list.default };
 const $i_webhooks_show: Provider = { provide: 'ep:i/webhooks/show', useClass: ep___i_webhooks_show.default };
@@ -886,6 +890,8 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
 		$i_unpin,
 		$i_updateEmail,
 		$i_update,
+		$i_move,
+		$i_knownAs,
 		$i_webhooks_create,
 		$i_webhooks_list,
 		$i_webhooks_show,
@@ -1215,6 +1221,8 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
 		$i_unpin,
 		$i_updateEmail,
 		$i_update,
+		$i_move,
+		$i_knownAs,
 		$i_webhooks_create,
 		$i_webhooks_list,
 		$i_webhooks_show,
--- a/packages/backend/src/server/api/endpoints.ts
+++ b/packages/backend/src/server/api/endpoints.ts
@@ -220,6 +220,8 @@ import * as ep___i_signinHistory from './endpoints/i/signin-history.js';
 import * as ep___i_unpin from './endpoints/i/unpin.js';
 import * as ep___i_updateEmail from './endpoints/i/update-email.js';
 import * as ep___i_update from './endpoints/i/update.js';
+import * as ep___i_move from './endpoints/i/move.js';
+import * as ep___i_knownAs from './endpoints/i/known-as.js';
 import * as ep___i_webhooks_create from './endpoints/i/webhooks/create.js';
 import * as ep___i_webhooks_show from './endpoints/i/webhooks/show.js';
 import * as ep___i_webhooks_list from './endpoints/i/webhooks/list.js';
@@ -549,6 +551,8 @@ const eps = [
 	['i/unpin', ep___i_unpin],
 	['i/update-email', ep___i_updateEmail],
 	['i/update', ep___i_update],
+	['i/move', ep___i_move],
+	['i/known-as', ep___i_knownAs],
 	['i/webhooks/create', ep___i_webhooks_create],
 	['i/webhooks/list', ep___i_webhooks_list],
 	['i/webhooks/show', ep___i_webhooks_show],
--- a/packages/backend/src/server/api/endpoints/i/known-as.ts
+++ b/packages/backend/src/server/api/endpoints/i/known-as.ts
@@ -0,0 +1,92 @@
+import { Injectable } from '@nestjs/common';
+import ms from 'ms';
+
+import { User } from '@/models/entities/User.js';
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import { ApiError } from '@/server/api/error.js';
+
+import { AccountMoveService } from '@/core/AccountMoveService.js';
+import { RemoteUserResolveService } from '@/core/RemoteUserResolveService.js';
+import { UserEntityService } from '@/core/entities/UserEntityService.js';
+import { ApiLoggerService } from '@/server/api/ApiLoggerService.js';
+
+export const meta = {
+	tags: ['users'],
+
+	secure: true,
+	requireCredential: true,
+
+	limit: {
+		duration: ms('1day'),
+		max: 30,
+	},
+
+	errors: {
+		noSuchUser: {
+			message: 'No such user.',
+			code: 'NO_SUCH_USER',
+			id: 'fcd2eef9-a9b2-4c4f-8624-038099e90aa5',
+		},
+		notRemote: {
+			message: 'User is not remote. You can only migrate from other instances.',
+			code: 'NOT_REMOTE',
+			id: '4362f8dc-731f-4ad8-a694-be2a88922a24',
+		},
+		uriNull: {
+			message: 'User ActivityPup URI is null.',
+			code: 'URI_NULL',
+			id: 'bf326f31-d430-4f97-9933-5d61e4d48a23',
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		alsoKnownAs: { type: 'string' },
+	},
+	required: ['alsoKnownAs'],
+} as const;
+
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		private userEntityService: UserEntityService,
+		private remoteUserResolveService: RemoteUserResolveService,
+		private apiLoggerService: ApiLoggerService,
+		private accountMoveService: AccountMoveService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			// Check parameter
+			if (!ps.alsoKnownAs) throw new ApiError(meta.errors.noSuchUser);
+
+			let unfiltered = ps.alsoKnownAs;
+			const updates = {} as Partial<User>;
+
+			if (!unfiltered) {
+				updates.alsoKnownAs = null;
+			} else {
+				// Parse user's input into the old account
+				if (unfiltered.startsWith('acct:')) unfiltered = unfiltered.substring(5);
+				if (unfiltered.startsWith('@')) unfiltered = unfiltered.substring(1);
+				if (!unfiltered.includes('@')) throw new ApiError(meta.errors.notRemote);
+
+				const userAddress = unfiltered.split('@');
+				// Retrieve the old account
+				const knownAs = await this.remoteUserResolveService.resolveUser(userAddress[0], userAddress[1]).catch((e) => {
+					this.apiLoggerService.logger.warn(`failed to resolve remote user: ${e}`);
+					throw new ApiError(meta.errors.noSuchUser);
+				});
+
+				const toUrl: string | null = knownAs.uri;
+				if (!toUrl) throw new ApiError(meta.errors.uriNull);
+				// Only allow moving from a remote account
+				if (this.userEntityService.isLocalUser(knownAs)) throw new ApiError(meta.errors.notRemote);
+
+				updates.alsoKnownAs = updates.alsoKnownAs?.concat([toUrl]) ?? [toUrl];
+			}
+
+			return await this.accountMoveService.createAlias(me, updates);
+		});
+	}
+}
--- a/packages/backend/src/server/api/endpoints/i/move.ts
+++ b/packages/backend/src/server/api/endpoints/i/move.ts
@@ -0,0 +1,136 @@
+import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
+
+import type { Config } from '@/config.js';
+import { DI } from '@/di-symbols.js';
+
+import { Endpoint } from '@/server/api/endpoint-base.js';
+import { ApiError } from '@/server/api/error.js';
+
+import { AccountMoveService } from '@/core/AccountMoveService.js';
+import { RemoteUserResolveService } from '@/core/RemoteUserResolveService.js';
+import { UserEntityService } from '@/core/entities/UserEntityService.js';
+import { ApiLoggerService } from '@/server/api/ApiLoggerService.js';
+import { GetterService } from '@/server/api/GetterService.js';
+import { ApPersonService } from '@/core/activitypub/models/ApPersonService.js';
+
+export const meta = {
+	tags: ['users'],
+
+	secure: true,
+	requireCredential: true,
+	limit: {
+		duration: ms('1day'),
+		max: 5,
+	},
+
+	errors: {
+		noSuchMoveTarget: {
+			message: 'No such move target.',
+			code: 'NO_SUCH_MOVE_TARGET',
+			id: 'b5c90186-4ab0-49c8-9bba-a1f76c202ba4',
+		},
+		remoteAccountForbids: {
+			message:
+				'Remote account doesn\'t have proper \'Known As\' alias. Did you remember to set it?',
+			code: 'REMOTE_ACCOUNT_FORBIDS',
+			id: 'b5c90186-4ab0-49c8-9bba-a1f766282ba4',
+		},
+		notRemote: {
+			message: 'User is not remote. You can only migrate to other instances.',
+			code: 'NOT_REMOTE',
+			id: '4362f8dc-731f-4ad8-a694-be2a88922a24',
+		},
+		rootForbidden: {
+			message: 'The root cant migrate.',
+			code: 'NOT_ROOT_FORBIDDEN',
+			id: '4362e8dc-731f-4ad8-a694-be2a88922a24',
+		},
+		noSuchUser: {
+			message: 'No such user.',
+			code: 'NO_SUCH_USER',
+			id: 'fcd2eef9-a9b2-4c4f-8624-038099e90aa5',
+		},
+		uriNull: {
+			message: 'User ActivityPup URI is null.',
+			code: 'URI_NULL',
+			id: 'bf326f31-d430-4f97-9933-5d61e4d48a23',
+		},
+		localUriNull: {
+			message: 'Local User ActivityPup URI is null.',
+			code: 'URI_NULL',
+			id: '95ba11b9-90e8-43a5-ba16-7acc1ab32e71',
+		},
+		alreadyMoved: {
+			message: 'Account was already moved to another account.',
+			code: 'ALREADY_MOVED',
+			id: 'b234a14e-9ebe-4581-8000-074b3c215962',
+		},
+	},
+} as const;
+
+export const paramDef = {
+	type: 'object',
+	properties: {
+		moveToAccount: { type: 'string' },
+	},
+	required: ['moveToAccount'],
+} as const;
+
+// eslint-disable-next-line import/no-default-export
+@Injectable()
+export default class extends Endpoint<typeof meta, typeof paramDef> {
+	constructor(
+		@Inject(DI.config)
+		private config: Config,
+
+		private userEntityService: UserEntityService,
+		private remoteUserResolveService: RemoteUserResolveService,
+		private apiLoggerService: ApiLoggerService,
+		private accountMoveService: AccountMoveService,
+		private getterService: GetterService,
+		private apPersonService: ApPersonService,
+	) {
+		super(meta, paramDef, async (ps, me) => {
+			// Check parameter
+			if (!ps.moveToAccount) throw new ApiError(meta.errors.noSuchMoveTarget);
+			// Abort if user is the root
+			if (me.isRoot) throw new ApiError(meta.errors.rootForbidden);
+			// Abort if user has already moved
+			if (me.movedToUri) throw new ApiError(meta.errors.alreadyMoved);
+
+			let unfiltered = ps.moveToAccount;
+			if (!unfiltered) throw new ApiError(meta.errors.noSuchMoveTarget);
+
+			// Parse user's input into the destination account
+			if (unfiltered.startsWith('acct:')) unfiltered = unfiltered.substring(5);
+			if (unfiltered.startsWith('@')) unfiltered = unfiltered.substring(1);
+			if (!unfiltered.includes('@')) throw new ApiError(meta.errors.notRemote);
+
+			const userAddress = unfiltered.split('@');
+			// Retrieve the destination account
+			const remoteMoveTo = await this.remoteUserResolveService.resolveUser(userAddress[0], userAddress[1]).catch((e) => {
+				this.apiLoggerService.logger.warn(`failed to resolve remote user: ${e}`);
+				throw new ApiError(meta.errors.noSuchMoveTarget);
+			});
+			const moveTo = await this.getterService.getRemoteUser(remoteMoveTo.id);
+			if (!moveTo.uri) throw new ApiError(meta.errors.uriNull);
+			await this.apPersonService.updatePerson(moveTo.uri);
+			// Only allow moving to a remote account
+			if (this.userEntityService.isLocalUser(moveTo)) throw new ApiError(meta.errors.notRemote);
+
+			let allowed = false;
+
+			const fromUrl = `${this.config.url}/users/${me.id}`;
+			// Make sure that the user has indicated the old account as an alias
+			moveTo.alsoKnownAs?.forEach((elem) => {
+				if (fromUrl.includes(elem)) allowed = true;
+			});
+
+			// Abort if unintended
+			if (!(allowed && moveTo.uri && fromUrl)) throw new ApiError(meta.errors.remoteAccountForbids);
+
+			return await this.accountMoveService.moveToRemote(me, moveTo);
+		});
+	}
+}